
Learn to Hack Ethically With RasPwn OS

Introduction: Learn to Hack Ethically With RasPwn OS

Do you want to learn how to hack computers and websites without going to jail? Thanks to the Raspberry Pi and RasPwn OS you can learn how to pen-test without even getting online!

This project shows how to use RasPwn OS to turn a Raspberry Pi 3 (or alternatively a Pi 2b + compatible WiFi adapter) into a private web server that has been designed to be intentionally vulnerable. RasPwn OS is a Raspberry Pi image that emulates a vulnerable Linux Web Server. It exists only to be attacked and comes pre-configured with DNS, SMTP, Samba, Apache and a host of web applications. The web applications are of two varieties-

Step 3: Get It Running

Now plug the SD card into the Raspberry Pi. If you are using a Pi 2b, also plug in your USB WiFi adapter. You can optionally plug in a monitor and keyboard, but this is not usually required.

Now plug in the power. On first boot the Pi will expand the filesystem to the size of the SD card and reboot. (You may see an SQL socket error during this if you have HDMI plugged in; don't worry.) Once the system reboots you should be good to go!

To test connectivity, look on your computer for a wireless access point with the SSID RasPwn OS and try to connect to it. The password is (In53cur3!).

If all of that worked, then proceed to the next step and start hacking!

If you do not see the RasPwn OS access point or cannot connect to it see 'Troubleshooting' at the end of the article.

Step 4: Choose Your Pen-Testing Distro

Now you have a target system ready for attack, but you will probably also need to set up the system you are attacking from so that the tools and utilities you need are at your fingertips. You've got a lot of options, many of which are beyond the scope of this article. You can use -

If this works you can proceed to the next step. (If not, see troubleshooting...)

Step 5: Set Up an Attack Proxy

Now that you've set up a system to hack and a system to hack from, you are ready! The last step is to set up a proxy. You have two choices, and I recommend setting up *both*, then just using whichever suits the task at hand.

Burp Suite is a very nice attack proxy with both free and paid versions.

To install both on Kali Linux run:

apt-get install zaproxy burpsuite

(Note that you don't run them both. At any given time you only run one of these as they use the same IP/port and perform the same function.)

Start either proxy, then start Firefox and:

Go to Preferences -> Advanced -> Network -> Connection and click the Settings button.

In the window that pops up, select 'Manual Proxy Configuration'.

In the 'HTTP Proxy' input box, enter localhost,

and for the port enter 8080.

Select the checkbox that says 'Use this proxy server for all protocols'.

Click OK.

Your browser is now mostly configured to use your proxy. The last step is to accept the proxy's SSL certificate so that it can successfully MITM the browser session. For that, follow the instructions below that match your proxy-

Step 6: Hack Away!

Now you have everything you need! To start hacking, open up Firefox in Kali, connect to the RasPwn OS SSID, and navigate to http://playground.raspwn.org. There you will find a variety of web applications to attack. The RasPwn OS Web Playground includes out-of-date versions of popular apps as well as intentionally vulnerable web applications. The RasPwn Web Playground is a self-contained micro-verse and includes DNS, email, Samba and HTTP servers, all pre-configured and connected to each other. (For more information and to see a full list of the applications installed, visit http://www.raspwn.org/documentation.)

Getting Started

Web hacking is a broad topic and RasPwn OS is vulnerable to a wide range of attacks. The following is a brief outline of the kinds of attacks that can be practiced, the tools available to do so and a list of further resources.

Attacks

XSS - Cross-site scripting attacks allow a user to feed input to a page that causes script to execute in the browsers of other users who visit the page. It's probably the easiest attack to carry out on RasPwn, as most of the web applications in the playground have known XSS vulnerabilities.

SQL Injection - SQL injection allows web users to execute arbitrary queries inside the database, either stealing or destroying data. It is also a fairly easy attack on RasPwn, as several of the web applications in the playground have known SQL injection flaws.

RCE - Remote Code Execution is where a web user is able to execute code on the server as if they were logged on to it. It is not as easy an attack as XSS or SQL injection, but again several RCE vulnerabilities exist in the RasPwn OS playground.

DoS - Denial of service is fairly easy to demonstrate on RasPwn as we've only got limited resources to work with. (You will also want a heat sink with a fan if you intend to demonstrate DoS on the Raspberry Pi 3...)

These are just the lower-hanging fruit, which can be discovered by exploring the NVD database and comparing it against the apps installed in RasPwn OS.

Apps

A selection of mostly free applications to get started pen-testing and web hacking.

Step 7: Troubleshooting

IF you can connect to the SSID but the web playground is not accessible, or

you wish to customize the RasPwn installation, or

you want to play Red vs. Blue, or

you just want to poke around,

THEN you will need to plug a monitor and keyboard into the Pi to figure out what's up. To log on to the Pi, the credentials are:

user - pi

password - pwnme!

The pi user can sudo without a password, so that also gets you root.

The most likely cause of the SSID not working is an unsupported USB WiFi card. Once you have logged on to RasPwn you will need to check that your card supports both WiFi and hostapd. Both the ath9k driver and the RTL8188 driver are known to work. In theory any adapter compatible with hostapd should work. If your card works with hostapd in access point mode but not with RasPwn, then head over to raspwn.org for help. ;-)

1. Make sure you don't have a second internet connection (i.e. a LAN cable connected to the internet in addition to the RasPwn OS connection). RasPwn OS overrides DNS for the *.playground.raspwn.org subdomain.

2. Make sure you are not using cached DNS info by restarting either your browser or even your host (see #1).

3. Reconfigure the HTTP server by logging on locally to the Pi and running the command sudo playground-cfg-apache.

4. Try using Nginx instead of Apache2 by logging on locally to the Pi and running the command sudo playground-cfg-nginx.

5. Re-flash the RasPwn OS image.

If the same issue still persists, head to raspwn.org for help. This is a bug I want to hear about.
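The first two troubleshooting suggestions (a second internet connection, and cached DNS) can be checked from the attacking machine with a short script. This is an added example, not part of RasPwn OS or the original article; it assumes the Pi hands out RFC 1918 addresses and that ip, getent and curl are installed, and the file name raspwn-check.sh is just a placeholder.

```sh
#!/bin/sh
# Added lab-connectivity check for the RasPwn troubleshooting steps; example
# code, not part of RasPwn OS. Assumption: the Pi hands out RFC 1918 addresses,
# so a public answer for the playground host means the name was resolved through
# another uplink or a stale cache rather than by the Pi.

PLAYGROUND_HOST="playground.raspwn.org"

# Count "default" routes in `ip route` output read from stdin. More than one
# means a second uplink (e.g. a LAN cable) is up alongside the RasPwn Wi-Fi.
count_default_routes() {
    grep -c '^default ' || true
}

# Read one IPv4 address from stdin; return 0 if it is in an RFC 1918 range.
is_private_ipv4() {
    read -r ip
    case "$ip" in
        10.*|192.168.*)                        return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *)                                     return 1 ;;
    esac
}

# Classify the resolved address for the playground host:
#   none  - no answer at all (not connected to the RasPwn SSID?)
#   ok    - private address, i.e. answered from the Pi's network
#   stale - public address, i.e. a cached or foreign resolver answered
classify_answer() {
    if [ -z "$1" ]; then
        echo none
    elif echo "$1" | is_private_ipv4; then
        echo ok
    else
        echo stale
    fi
}

# Live check against the lab; only runs when invoked as: sh raspwn-check.sh check
if [ "${1:-}" = "check" ]; then
    routes=$(ip route 2>/dev/null | count_default_routes)
    [ "$routes" -gt 1 ] && echo "WARN: $routes default routes; unplug the second uplink"
    answer=$(getent hosts "$PLAYGROUND_HOST" | awk '{print $1; exit}')
    echo "DNS: $PLAYGROUND_HOST -> ${answer:-<none>} ($(classify_answer "$answer"))"
    curl -s -o /dev/null -w "HTTP %{http_code}\n" "http://$PLAYGROUND_HOST/" \
        || echo "HTTP: $PLAYGROUND_HOST unreachable"
fi
```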